mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Note the equivalence of two macros, thanks to RSA-PSK removal

Browse Source 
Removing the now-duplicate internal macro is left for future work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2024-09-20 18:39:29 +02:00
parent fdf7db019b
commit 0068fceba3
1 changed files with 7 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
include/mbedtls/ssl_ciphersuites.h
View File

@ -272,19 +272,14 @@ typedef enum {
/* Key exchanges allowing client certificate requests. /* Key exchanges allowing client certificate requests.
* *
* Note: that's almost the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED * This is now the same as MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED,
* above, except RSA-PSK uses a server certificate but no client cert. * and the two macros could be unified.
* * Until Mbed TLS 3.x, the two sets were different because
* Note: this difference is specific to TLS 1.2, as with TLS 1.3, things are * MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED covers
* more symmetrical: client certs and server certs are either both allowed * MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED plus RSA-PSK.
* (Ephemeral mode) or both disallowed (PSK and PKS-Ephemeral modes). * But RSA-PSK was removed in Mbed TLS 4.0.
*/ */
#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)
#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED #define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
#endif #endif